in the last 3 days, one of our mx domains has been the target of the
following ( the real domainname replaced by DOMAIN.XX ) :

These are just regular spamming attempts. Nothing to worry about.

it's the network connection part of it that baffles me. we're past the
tcp handshaking when smtp is invoked, which means there's a valid
connection ( = src and dest exists ) - for me it implies that the
spammer(bot) sends from multiple valid ips/networks, and with the
ridiculous generated
account names, i fail to see the point from the spammers view ( nothing
is ever accepted )